Interfaces such as UART and JTAG can be used to uncover security issues such as global
shared encryption keys, which are a bad idea since attackers can exploit the architecture once
the key is compromised. In the case of our cloudBit prototype, we came across an issue in
which the local WiFi network was stored in clear text on disk. Stored secrets in hardware platforms
are a common issue, and attackers are bound to attempt to uncover them. In order to
help promote better hardware security, the Trusted Computing Group (TCG) has published
and continues to update the Trusted Platform Module (TPM) standard. The specifications provided
by TCG allow hardware designers to construct a secure hardware processor that can
offer great reliability in storing secrets such as passwords and encryption keys.
As designers and architects come closer to validating a proposed version of their device
past the initial prototyping stage, hardware security—including the availability of functionality
via UART and JTAG—becomes a concern. It should be assumed that ethical security
researchers as well as attackers will tinker with debug access on hardware and will eventually
gain access to the interface. One important item to remember is that in the case of LIFX, the
issue wasn’t that the JTAG interface exposed the encryption key, but the fact that using the
same encryption key in every lightbulb is an insecure design. IoT product manufacturers
should also think through secrets (such as WiFi credentials) that their devices must protect
responsibly. Standards and processors that implement TPM can and should be used to enable
hardware to store secrets more reliably so that they are not present in the firmware or accessible
using hardware debug interfaces.
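The design point about the shared key can be made concrete with a short added example (not from the book or from any vendor's firmware): it compares how many devices accept a forged command after one device's key is extracted, once with a single global key and once with a key derived per device. The HMAC-based derivation, the serial numbers, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed values for illustration only.
MASTER_SECRET = os.urandom(32)  # assumed to stay in the manufacturer's HSM, never shipped
GLOBAL_KEY = os.urandom(32)     # the anti-pattern: the same key flashed into every device
FLEET = ["bulb-0001", "bulb-0002", "bulb-0003"]  # hypothetical serial numbers


def derive_device_key(master, device_id):
    """Per-device key = HMAC-SHA256(master, label || device_id)."""
    return hmac.new(master, b"device-key-v1|" + device_id.encode(),
                    hashlib.sha256).digest()


def tag(key, device_id, command):
    """MAC over a command, bound to the device it is addressed to."""
    return hmac.new(key, device_id.encode() + b"|" + command,
                    hashlib.sha256).digest()


def device_accepts(device_key, device_id, command, mac):
    """What the device firmware would do: constant-time MAC check."""
    return hmac.compare_digest(tag(device_key, device_id, command), mac)


def shared(_device_id):
    """Provisioning scheme 1: every device gets GLOBAL_KEY."""
    return GLOBAL_KEY


def diversified(device_id):
    """Provisioning scheme 2: every device gets its own derived key."""
    return derive_device_key(MASTER_SECRET, device_id)


def blast_radius(provision, extracted_from):
    """Devices that accept a command authenticated with the key held by
    `extracted_from`, i.e. the scope of damage if that one key leaks."""
    stolen = provision(extracted_from)
    return [d for d in FLEET
            if device_accepts(provision(d), d, b"set-config",
                              tag(stolen, d, b"set-config"))]


if __name__ == "__main__":
    print("global key :", blast_radius(shared, "bulb-0001"))
    print("per-device :", blast_radius(diversified, "bulb-0001"))
```

Per-device derivation limits the damage to the one unit whose key leaked; keeping that key out of firmware and debug reach is still the job of the secure storage discussed above.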
Side Channel Attacks
In addition to debug interfaces and the secure storage of secrets in hardware, IoT hardware designers
should also take into account the possibility of side channel attacks, whereby information gained from
the physical aspects of the system is leveraged to break security controls and potentially steal secrets
such as passwords and encryption keys. Power analysis of a computing system has been a popular
flavor of side channel attack. The ChipWhisperer suite of hardware and software tools can be used to
analyze a particular device for information leakage by examining its power consumption. Researchers
have also been able to use acoustics—i.e., the noise computing devices make during operation—to
extract and decipher encryption keys. Side channel attacks have been exploited in the past, and it is
important for IoT designers to make sure they understand the various ways their hardware can leak
information that can potentially be abused to exploit their systems.
Abuse Cases in the Context of Threat Agents
Coming up with potential abuse cases requires context with regard to the possible threat
agents who may act on vulnerabilities. A threat agent is an individual or a group of people who
may want to exploit vulnerabilities for personal gain. Threat agents have differing levels of
skills, resources, and intentions. For example, a gang of attackers with financial backing may
216 CHAPTER 7: SECURE PROTOTYPING—LITTLEBITS AND CLOUDBIT